website logo
Contact SupportSign In
⌘K
Start Here
Welcome!
Testing
Guides
Account Statements
A/R Inbox
Bad Debt
Custom Fields
Customer Portal
Customers
Emails
Estimates
Importing Data
Payment Incentives
Reporting
Smart Chasing
User Permissions
Payments
ACH
Direct Debit
Credit Card
PayPal
Cash Application
Credit Balances
AutoPay
Payment Plans
Payouts
Refunds
Switch to Invoiced Payments
Payment Gateways
Accounting Sync
ERP Connect
NetSuite
QuickBooks Desktop
QuickBooks Online
Sage Intacct
Xero
Integrations
Avalara
ChartMogul
Earth Class Mail
Lob
Salesforce
Single Sign-On
Slack
Twilio
Zapier
Billing
Coupons
Credit Holds
Credit Notes
Invoices
Sales Tax
Sign Up Pages
Subscription Billing
Release Notes
FAQs
Videos
Developer Docs
Docs powered by archbee 
13min

Single Sign-On

Single sign-on (SSO) allows users to use a single login across multiple enterprise applications. The Single Sign-On feature allows your team to sign in using your existing identity provider instead of an Invoiced username and password.

Setup

Now go to the Invoiced application:

  1. Go to Settings → Team → Single Sign-On. If you do not see the Single Sign-On tab then contact Invoiced Support to have this feature enabled.
  2. Turn on the SAML Enabled toggle.
  3. Enter in the email domain that your users will sign in with for the Allowed Email Domain field.
  4. Copy over the issuer URL into the Issuer (Identity Provider Entity ID) field.
  5. Copy over the sign in URL into the Sign In URL field.
  6. Copy the certificate from the identity provider and paste it into the Certificate field.

Within your identity provider follow these instructions:

  1. Create a new SAML 2.0 application in your identity provider for Invoiced.
  2. Copy the Assertion Consumer Service (ACS) URL value from the Setup Info section to the application ACS URL field in your identity provider.
  3. Copy the Service Provider Entity ID / Audience URI value from the Setup Info section to the application entity ID field in your identity provider.
  4. Set the NameID attribute to the user's email address.

Once the application has been configured on Invoiced and in the identity provider it should be possible for users to sign in using single sign-on.

Usage

Once SSO is properly configured, users can sign in to Invoiced from your Identity Provider using a feature known as Identity Provider-Initiated Sign In.

It is also possible to sign in using SSO from Invoiced if users go to the Start URL in the Setup Info section or if users click the Login with SSO button on the Invoiced login screen.

Limitations

When using Single Sign-On on Invoiced, it is important to know these limitations and features that are not supported.

  • You can only use an email domain (eg. @example.com) with a single tenant.
  • We do not currently support mandating that single sign-on is the only supported sign in mechanism. Users will still be able to sign in with username and password.
  • Just-In-Time (JIT) user provisioning is not supported. New users must also be added to Settings → Team → Users.
  • Single Log Out (SLO) is not supported.
  • System for Cross-domain Identity Management (SCIM) is not supported.



Did this page help you?
Yes
No
UP NEXT
Slack
Docs powered by archbee 
Did this page help you?
Yes
No
UP NEXT
Slack
Docs powered by archbee 
TABLE OF CONTENTS
Setup
Usage
Limitations